The latest large-scale ransomware attack on a health technology provider, electronic prescription company MediSecure, was revealed last week.
MediSecure announced it had suffered a “cyber security incident” affecting people’s personal and health information. Details of the attack are scant. We’ve been told it stemmed from a “third-party vendor”, which means a company that provides services to another company.
Here’s the latest on the Medisecure data breach.
The @AUCyberSecCoord, Michelle McGuinness, is leading work across the Australian Government to support the company in managing this large-scale ransomware incident.
We will continue to provide updates in due course. https://t.co/w26gzws5wb
— Clare O’Neil MP (@ClareONeilMP) May 17, 2024
In a general sense, ransomware attacks occur when a hacker gets access to a system, infects and locks up files, and then demands a ransom – usually in cryptocurrency – for their release.
Government agencies including the National Cyber Security Coordinator and Australian Federal Police are investigating the incident.
Cybercrime is big business, generating huge profits. This latest incident shines a light on the vulnerability of health data specifically.
What are e-prescriptions?
E-prescribing works by sending prescriptions to a digital exchange, essentially a secure database of prescription information. From there, patients control which pharmacy can access it, by showing pharmacy staff a token such as a QR code or barcode.
Electronic prescriptions contain personal information such as people’s name, address, date of birth and Medicare number. They include details about prescribed medicines, as well as the prescriber’s name, address and other information.
The Digital Health Agency (an agency of the Australian government) reports that over the past four years, more than 189 million e-prescriptions have been issued by more than 80,000 clinicians.
Until late 2023, MediSecure was one of two national e-prescribing services, delivering prescriptions from health-care providers to pharmacies.
Last year, MediSecure was overlooked in a government tender process to appoint a single national e-prescribing provider. At that time, MediSecure held more than 28 million scripts.
MediSecure has noted the incident relates to data held by its systems up until November 2023.